from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        # 数据库查到的用户和当前用户校验
        return obj.user == request.user
